﻿using System;
using System.Web;
using System.Web.Configuration;
using System.Data;

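/// <summary>
/// Code-behind for the login page: checks the submitted account and password
/// against the [member] table and, on success, fills the session with the
/// user's identity and role list before redirecting.
/// </summary>
public partial class login : System.Web.UI.Page
{
    // Data-access helper bound to the "connString" connection string from web.config.
    DBHelper db = new DBHelper(WebConfigurationManager.ConnectionStrings["connString"].ConnectionString);

    /// <summary>Page load handler; intentionally does nothing.</summary>
    protected void Page_Load(object sender, EventArgs e)
    {

    }

    /// <summary>
    /// Login button handler. Validates that both fields are filled in, looks the
    /// user up, stores identity and role ids in the session, and redirects to the
    /// <c>return</c> query-string target when it is a local path, otherwise to
    /// <c>/Default.aspx</c>.
    /// </summary>
    /// <param name="sender">The control that raised the event.</param>
    /// <param name="e">Event data (unused).</param>
    protected void ImageButton1_Click(object sender, EventArgs e)
    {
        string strUserAccount = StringHelper.SafeSqlInput(txtUserName.Value.Trim());

        // The password goes through the same filter before hashing, as it always has;
        // whatever SafeSqlInput does to the text must stay in step with how the stored
        // hashes were produced, so it is not removed here.
        string strRawPwd = StringHelper.SafeSqlInput(txtPassword.Value.Trim());

        // Test the password *before* hashing: a check made only on the digest would
        // miss an empty password whenever the hash of "" is itself non-empty.
        if (string.IsNullOrEmpty(strUserAccount) || string.IsNullOrEmpty(strRawPwd))
        {
            // Message: "user name or password must not be empty".
            Response.Write(CommonHelper.alertMsg("用户名或密码不能为空"));
            return;
        }

        // NOTE(review): MD5Helper is defined elsewhere. If it is plain, unsalted MD5 as
        // the name suggests, stored passwords are cheap to crack offline; plan a
        // migration to a salted, slow KDF (e.g. PBKDF2) with rehash-on-login.
        string strUserPwd = MD5Helper.Encrypt(strRawPwd);
        if (string.IsNullOrEmpty(strUserPwd))
        {
            Response.Write(CommonHelper.alertMsg("用户名或密码不能为空"));
            return;
        }

        // NOTE(review): the WHERE clause is built by string concatenation, so injection
        // safety rests entirely on StringHelper.SafeSqlInput, which is not visible here.
        // Prefer a parameterized query if DBHelper offers one - confirm and switch.
        DataTable dtUser = db.getList("[member]", "id,userName,userAccount", "userAccount = '" + strUserAccount.Trim() + "' AND userpwd = '" + strUserPwd + "' AND isusing = 1", "ID DESC");

        if (dtUser.Rows.Count == 0)
        {
            // Message: "user name or password is incorrect". Deliberately the same text
            // for an unknown account and a wrong password.
            Response.Write(CommonHelper.alertMsg("用户名或密码不正确"));
            return;
        }

        DataRow userRow = dtUser.Rows[0];

        // The id comes from the database rather than the request, but it is still
        // concatenated into SQL; it would belong in a parameter as well.
        DataTable dtRole = db.getList("[memberrole]", "memberid,productid", "memberid = '" + userRow["id"].ToString() + "'", "ID DESC");

        // NOTE(review): the session id is not renewed on login, so an id planted before
        // authentication stays valid afterwards (session fixation). Consider issuing a
        // fresh session id at this point.
        Session[AppConfig.SESSION_USER_ISLOGIN] = "1";
        Session[AppConfig.SESSION_USER_NAME] = userRow["userName"].ToString();
        Session[AppConfig.SESSION_USER_ACCOUNT] = userRow["userAccount"].ToString();

        // Role ids are stored as a single "id|id|...|" string (trailing separator kept).
        string roleid = "";
        foreach (DataRow dr in dtRole.Rows)
        {
            roleid += dr["productid"].ToString() + "|";
        }
        Session[AppConfig.SESSION_USER_ROLE_ID] = roleid;

        string target = "/Default.aspx";
        string requested = Request.QueryString["return"];
        if (!string.IsNullOrEmpty(requested))
        {
            // QueryString values arrive already decoded; the extra decode is kept for
            // callers that double-encode. Validation runs on the final decoded value so
            // an encoded "//host" or "/\host" cannot slip past the check.
            string decoded = HttpUtility.UrlDecode(requested);
            if (IsLocalReturnUrl(decoded))
            {
                target = decoded;
            }
        }

        Response.Redirect(target);
    }

    /// <summary>
    /// Decides whether a post-login redirect target stays on this site. Only
    /// rooted paths ("/x" or "~/x") are accepted; absolute URLs, protocol-relative
    /// "//host" and "/\host" forms, and anything containing control characters are
    /// rejected so the login page cannot be used as an open redirector.
    /// </summary>
    /// <param name="url">Decoded redirect target taken from the request.</param>
    /// <returns><c>true</c> when the target is a site-local path.</returns>
    private static bool IsLocalReturnUrl(string url)
    {
        if (string.IsNullOrEmpty(url))
        {
            return false;
        }

        foreach (char c in url)
        {
            if (char.IsControl(c))
            {
                return false;
            }
        }

        // Skip a leading "~" so "~/path" is judged by the same rule as "/path".
        int start = url[0] == '~' ? 1 : 0;
        if (url.Length <= start || url[start] != '/')
        {
            return false;
        }

        // "/" alone is fine; "//" and "/\" are read by browsers as another host.
        if (url.Length == start + 1)
        {
            return true;
        }

        char next = url[start + 1];
        return next != '/' && next != '\\';
    }
}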